If you do not have an external CA and one is enabled within ADSS Server, the following steps let you create a new operator certificate using the Manage CAs feature of ADSS Server (if licensed).

  • Create a Client Authentication key as described in Key Manager > Generating New Keys, enabling the option that allows key export.
  • Create a certificate for this new key as described in Key Manager > Generating Certificates (self-signed certificates are NOT supported for operator certificates). Export the certificate (*.cer) so that it can be added as described in Adding an Operator.
  • In Trust Manager, ensure the option "CA for verifying TLS client certificates" is selected for the CA that issued this certificate.
  • Export the operator key and certificate as a .pfx or .p12 file and install it into your browser.
  • If you have changed the Trust Manager settings, restart the ADSS Server Windows services or Unix daemons.
  • Assuming you have been added as an operator with a suitable role, you can now log in to the ADSS Server console by relaunching the browser.
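
A pre-flight check to run on the exported certificate before adding the operator, as an added example that is not part of the ADSS Server documentation: it confirms the certificate is not self-signed, chains to the issuing CA, and is acceptable for TLS client authentication. The function names and the file names operator.cer and operator.pem are assumptions; both input files are assumed to be PEM encoded, and the CA file is assumed to hold the issuing CA certificate together with any parent CA certificates.

```shell
#!/usr/bin/env bash
# Added example: pre-flight checks for an exported operator certificate.
# Assumption: both files are PEM. Convert a DER-encoded .cer first with:
#   openssl x509 -inform DER -in operator.cer -out operator.pem

# Print the subject or issuer DN in RFC 2253 form, without its label.
dn_of() {  # usage: dn_of subject|issuer CERT.pem
  openssl x509 -in "$2" -noout "-$1" -nameopt RFC2253 | sed 's/^[a-z]*= *//'
}

# Return status: 0 = usable, 1 = self-signed, 2 = does not chain to the CA,
# 3 = chains to the CA but is not acceptable as a TLS client certificate.
check_operator_cert() {  # usage: check_operator_cert CERT.pem ISSUING_CA.pem
  op_cert=$1
  op_ca=$2

  # Self-signed certificates are not supported for operator certificates.
  if [ "$(dn_of subject "$op_cert")" = "$(dn_of issuer "$op_cert")" ]; then
    echo "FAIL: subject equals issuer (self-signed)" >&2
    return 1
  fi

  # The signature must verify against the CA selected in Trust Manager.
  if ! openssl verify -CAfile "$op_ca" "$op_cert" >/dev/null 2>&1; then
    echo "FAIL: certificate does not chain to the supplied CA" >&2
    return 2
  fi

  # Same chain, now also enforcing the TLS client purpose (key usage / EKU).
  if ! openssl verify -purpose sslclient -CAfile "$op_ca" "$op_cert" \
       >/dev/null 2>&1; then
    echo "FAIL: certificate is not valid for TLS client authentication" >&2
    return 3
  fi

  echo "OK"
}

# Run directly as: script CERT.pem ISSUING_CA.pem
if [ "$#" -eq 2 ]; then
  check_operator_cert "$1" "$2"
fi
```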


See also

Access Control

Creating Operator Accounts & Enabling Dual Control
Set-up Emergency Use Admin Accounts